Conception of a Security Design Pattern Catalog for Constraint-based Recommender Systems

In the rapidly evolving digital landscape, the security of software systems has become paramount. However, a critical shortage of security experts makes it challenging to adequately protect these systems. Security patterns provide proven solutions to recurring security problems, helping architects design secure systems. Despite their potential, their practical use remains limited due to the lack of security-relevant information necessary for secure implementation and the limited guidance in selecting appropriate patterns. This thesis addresses these limitations by introducing the Security Design Pattern Description Metamodel, which enables the creation of Security Design Patterns (SDPs) that incorporate essential security information and explicit pattern relationships. To assist architects in selecting suitable SDPs, we introduce the SDP Knowledge Bases Metamodel, which enables Constraint-based Recommender Systems (CBRSs) to recommend appropriate SDPs. Our methodology involves analyzing security solutions in open-source software to identify essential elements that can contribute to the practical use of SDPs. Based on these findings, we iteratively developed concrete SDPs and knowledge bases, capturing their elements and relationships within co-evolving metamodels. The metamodels are validated through application examples, namely OpenID Connect Authentication and Password-based Authentication. These examples show how pattern relationships and important security-relevant information, such as data requirements, can be effectively represented in SDPs to facilitate the implementation of secure systems. In addition, a synthetic recommendation example illustrates the effective use of knowledge bases in a CBRS. By decoupling the pattern description and selection process, this thesis makes security patterns accessible to a broader audience and provides a foundation for advancing research in secure software design.

Project information

Status: Finished

Thesis for degree: Master

Student: Dominik Lammers

Supervisor:

Id: 2024-014